US20110213987A1 - Controller for data storage device, data storage device, and control method thereof - Google Patents
- Publication number
- US20110213987A1 (US12/917,341)
- Authority
- US
- United States
- Prior art keywords
- data
- key
- host
- encryption
- encryptor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
Definitions
- Embodiments described herein relate generally to a controller for a data storage device, a data storage device, and a control method thereof.
- Japanese Patent Application Publication (KOKAI) No. 2004-341768 discloses a magnetic disk device, i.e., hard disk drive (HDD), with encryption that encrypts plaintext data from a host and writes the encrypted data to the magnetic disk after the user is authenticated.
- the HDD decrypts the encrypted data on the magnetic disk to transfer the plaintext to the host after the user is authenticated. That is, when used by an authorized user, similar to a conventional HDD without using encryption, the HDD with encryption exchanges plaintext data with a host via an interface.
- data is loaded from the magnetic disk into the buffer random access memory (RAM).
- RAM buffer random access memory
- the data is decrypted by the encryption/decryption circuit using an old data key and is once again stored in the buffer RAM.
- the data stored in the buffer RAM is then encrypted by the encryption/decryption circuit using a new data key, and is written back to the magnetic disk via the buffer RAM.
- an HDD with encryption function sends plaintext data to a host if a backup HDD does not support encryption function. Accordingly, the plaintext data is stored in the backup HDD (for example, HDD of the host). Therefore, if the backup HDD is stolen or is disposed of, all information may leak therefrom, which is a security worry. To cope with this, if the host encrypts the data again using a backup key, the host is required to manage the backup key. Moreover, the host is necessitated to perform the processes except data backup always with data encryption, which increases load on the host.
- FIG. 1 is an exemplary perspective view of a magnetic disk device according to an embodiment
- FIG. 2 is an exemplary functional block diagram of an electric hardware configuration of the magnetic disk device in the embodiment
- FIG. 3 is an exemplary functional block diagram of a host interface (I/F) in a hard disk controller (HDC) in the embodiment;
- I/F host interface
- HDC hard disk controller
- FIG. 4 is an exemplary schematic diagram of a data flow in the host I/F of the HDC at the time of backup in the embodiment
- FIG. 5 is an exemplary sequence diagram of the operation of a host and the HDC of a hard disk drive (HDD) at the time of backup in the embodiment;
- HDD hard disk drive
- FIG. 6 is an exemplary schematic diagram of a data flow in the host I/F of the HDC at the time of restore in the embodiment
- FIG. 7 is an exemplary sequence diagram of the operation of the host and the HDC of the HDD at the time of restore in the embodiment
- FIG. 8 is an exemplary schematic diagram of a relationship between the host (personal computer) and the HDD at the time of backup and restore in the embodiment;
- FIG. 9 is an exemplary schematic diagram of a data flow in the host I/F of the HDC at the time of updating a data key in the embodiment.
- FIG. 10 is an exemplary sequence diagram of the operation of the host and the HDC of the HDD at the time of updating a data key in the embodiment.
- the input and output module is configured to manage data input and output between the storage module and a host.
- the encryption and decryption modules are configured to be switched to function as an encryptor or a decryptor.
- the connector is configured to change connection between the encryption and decryption modules and the host.
- one of the encryption and decryption modules on the side of the storage module is switched to function as a decryptor, while one of the encryption and decryption modules on the side of the host is switched to function as an encryptor.
- the decryptor, the encryptor, and the host are connected in series.
- the encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output from the input and output module to the host.
- a data storage device comprises a storage module, an input and output module, a plurality of encryption and decryption modules, and a connector.
- the storage module is configured to store data encrypted with a first key.
- the input and output module is configured to manage data input and output between the storage module and a host.
- the encryption and decryption modules are configured to be switched to function as an encryptor or a decryptor.
- the connector is configured to change connection between the encryption and decryption modules and the host. When encrypted data is backed up, one of the encryption and decryption modules on the side of the storage module is switched to function as a decryptor, while one of the encryption and decryption modules on the side of the host is switched to function as an encryptor.
- the decryptor, the encryptor, and the host are connected in series.
- the encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output from the input and output module to the host.
- a control method applied to a data storage device comprising a storage module configured to store data encrypted with a first key, an input and output module configured to manage data input and output between the storage module and a host, a plurality of encryption and decryption modules configured to be switched to function as an encryptor or a decryptor, and a connector configured to change connection between the encryption and decryption modules and the host.
- the control method comprises: when encrypted data is backed up, switching one of the encryption and decryption modules on the side of the storage module to function as a decryptor; switching one of the encryption and decryption modules on the side of the host to function as an encryptor; connecting the decryptor, the encryptor, and the host in series; decrypting the encrypted data by the decryptor with the first key to obtain decrypted data; encrypting the decrypted data by the encryptor with a second key; and outputting the encrypted data encrypted with the second key from the input and output module to the host.
- FIG. 1 is a perspective view of the magnetic disk device 1 according to the embodiment.
- the magnetic disk device 1 comprises a housing 10 that houses a magnetic disk 11 , a spindle motor 12 , a head slider 13 , a suspension 14 , and an actuator arm 15 .
- the spindle motor rotates the magnetic disk 11 .
- the head slider 13 is provided with a built-in magnetic head (not illustrated in FIG. 1 ).
- the magnetic disk device 1 further comprises a head suspension assembly and a voice coil motor (VCM) 16 .
- the head suspension assembly supports the head slider 13 .
- the VCM 16 is an actuator for the head suspension assembly.
- the magnetic disk 11 is rotated by the spindle motor 12 .
- the head slider 13 is provided with the magnetic head including a write head and a read head (none of them illustrated in FIG. 1 ).
- the actuator arm 15 is pivotally attached to a pivot 17 , and the suspension 14 is attached to an end of the actuator arm 15 .
- the head slider 13 is resiliently supported via a gimbal provided to the suspension 14 .
- the VCM 16 is provided to the other end of the actuator arm 15 .
- the VCM 16 rotates the actuator arm 15 about the pivot 17 to position the magnetic head so that the magnetic head floats above a radial position of the magnetic disk 11 .
- FIG. 2 is a functional block diagram of an electric hardware configuration of the magnetic disk device 1 .
- the magnetic disk 11 is rotated by the spindle motor 12 (see FIG. 1 ) about the rotation axis at a predetermined rotational speed.
- the rotation of the spindle motor 12 is driven by a motor driver 21 .
- a magnetic head 22 includes a write head and a read head. Using the write head and the read head, the magnetic head 22 writes data to and reads data from the magnetic disk 11 . As described above, the magnetic head 22 is located at an end of the actuator arm 15 and is moved in the radial direction of the magnetic disk 11 by the VCM 16 driven by the motor driver 21 . When the magnetic disk 11 is not rotating, the magnetic head 22 is retracted on a ramp 23 .
- a head amplifier 24 amplifies a signal read by the magnetic head 22 from the magnetic disk 11 and outputs it to a read write channel (RDC) 25 .
- the head amplifier 24 also amplifies a signal received from the RDC 25 to write data to the magnetic disk 11 and feeds it to the magnetic head 22 .
- the RDC 25 code-modulates data to be written to the magnetic disk 11 received from a central processing unit (CPU) 26 , which will be described later, and feeds it to the head amplifier 24 .
- the RDC 25 also code-modulates a signal read from the magnetic disk 11 and received from the head amplifier 24 and outputs it as digital data.
- the CPU 26 is connected to a static random access memory (SRAM) 27 as a working memory, a flash read only memory (ROM) 28 as a nonvolatile memory, and a buffer RAM 29 as a temporary storage.
- SRAM static random access memory
- ROM read only memory
- the CPU 26 controls the overall operation of the magnetic disk device 1 according to firmware stored in advance in the flash ROM 28 .
- a hard disk controller (HDC) 30 controls data communication (including data encryption and decryption) with a host computer 40 via an interface (I/F) bus, controls the buffer RAM 29 , and corrects an error in recorded data.
- the buffer RAM 29 is used to cache data communicated with the host computer 40 and to temporarily store data read from or to be written to the magnetic disk 11 , and the like.
- the magnetic disk device 1 is built in or externally connected to the host computer 40 .
- while the RDC 25 , the CPU 26 , the SRAM 27 , and the HDC 30 constitute a controller 31 that controls the magnetic disk device 1 in the embodiment, it is not so limited.
- the controller 31 of the embodiment is configured as a system-on-a-chip (SoC). If the controller 31 is configured differently, among the constituent elements, at least the HDC 30 is formed of one chip. Accordingly, the salient feature of the HDC 30 described below is implemented by one-chip hardware.
- the encryption/decryption circuit of the HDC in a general HDD with encryption is implemented by a plurality of encryption/decryption circuits that realize parallel processing to ensure the data transfer capability of the interface to the host computer.
- Gbps gigabit per second
- SATA serial advanced technology attachment
- a clock frequency of 3000*0.8/(128/17) ≈ 319 MHz or more is required.
- a required clock frequency is reduced to about 159 MHz, i.e., a half of that when no parallel processing is involved.
- the HDC 30 connects a plurality of encryption/decryption circuits (as decryptors) in parallel upon ordinary data read/write operation.
- the HDC 30 connects the encryption/decryption circuits in series upon backing up data to cause the encryption/decryption circuit at the output stage to function as an encryptor.
- data can be securely backed up.
- the backup data can be restored by applying the encryption/decryption in a reverse manner to the case of data backup with a reverse data flow.
- FIG. 3 is a block diagram of a host I/F 301 in the HDC 30 , which is a salient feature of the embodiment.
- FIG. 3 illustrates an example of a configuration based on SATA.
- bold lines indicate a data flow during ordinary data read operation.
- encryption/decryption circuits (advanced encryption standard (AES) 0, 1) 301 f and 301 g function as encryptors, and data flows in a direction reverse to that of data read operation.
- AES advanced encryption standard
- encrypted data is read from the magnetic disk 11 and temporarily stored in the buffer RAM 29 .
- the data is then read by a buffer manager 301 a from the buffer RAM 29 into the HDC 30 .
- a command layer 301 b subsequent to the buffer manager 301 a is an element to perform bidirectional communication with the same language as the ATA standard.
- the data from the buffer RAM 29 enters in two switch circuits SW 0 301 d and SW 1 301 e through the buffer manager 301 a, the command layer 301 b, and a first-in, first-out (FIFO) memory 301 c.
- FIFO first-in, first-out
- the switch circuits SW 0 301 d and SW 1 301 e are switched to be connected to the FIFO memory 301 c, and the encryption/decryption circuits (AES 1 and AES 0 ) 301 f and 301 g are switched to function as decryptors.
- 128-bit data from the FIFO memory 301 c are sequentially decrypted by the encryption/decryption circuits (AES 1 and AES 0 ) 301 f and 301 g.
- the decrypted data are output through a switch circuit SW 2 301 h, a transport layer 301 i, a link layer 301 j , and a PHY layer 301 k.
- the transport layer 301 i, the link layer 301 j , and the PHY layer 301 k are compliant with the SATA specification.
- the transport layer 301 i is an element to issue a command to control the entire protocol.
- the link layer 301 j is an element to control the PHY layer 301 k and perform data encoding.
- the PHY layer 301 k is an element to control a SATA signal, and transfers data from the link layer 301 j as serial data as well as transferring received data to the link layer 301 j in a form that can be analyzed by the link layer 301 j.
- FIG. 4 is a schematic diagram of a data flow in the host I/F 301 of the HDC 30 at the time of backup.
- FIG. 5 is a sequence diagram of the operation of the host computer 40 and the HDC 30 of the HDD (magnetic disk device) 1 at the time of backup.
- FIG. 8 is a schematic diagram of a relationship between the host computer (personal computer) 40 and the HDD 1 at the time of backup and restore.
- the host computer 40 generates a backup key to encrypt data (plaintext) to be backed up (S 501 ).
- a new backup key may be generated from a random number for each backup.
- the host computer 40 transfers the generated backup key to the magnetic disk device 1 (S 502 ).
- the HDC 30 of the controller 31 in the magnetic disk device 1 receives the data from the host computer 40 (S 503 ). Then, as illustrated in FIG. 4 , the encryption/decryption circuit (AES 0 ) 301 g that receives the data is switched to function as a decryptor, while the encryption/decryption circuit (AES 1 ) 301 f that generates data to be written to the magnetic disk 11 is switched to function as an encryptor (S 504 ).
- the encryption/decryption circuits (AES 1 and AES 0 ) 301 f and 301 g are connected in series (S 505 ).
- the encryption/decryption circuit (AES 0 ) 301 g as a decryptor decrypts data read from the magnetic disk 11 using a data key generated and retained by the HDC 30 .
- the encryption/decryption circuit (AES 1 ) 301 f as an encryptor encrypts the data read from the magnetic disk 11 and decrypted using the backup key received from the host computer 40 (S 506 ). In this manner, the data read from the magnetic disk 11 of the magnetic disk device 1 is decrypted by the data key and encrypted by the backup key in the HDC 30 , and transferred to the host computer 40 (S 507 ).
- the host computer 40 receives encrypted data transferred from the HDC 30 of the controller 31 (S 508 ), and stores it in the backup HDD (S 509 ).
- FIG. 6 is a schematic diagram of a data flow in the host I/F 301 of the HDC 30 at the time of restore.
- FIG. 7 is a sequence diagram of the operation of the host computer 40 and the HDC 30 of the HDD (magnetic disk device) 1 at the time of restore.
- FIG. 8 is a schematic diagram of a relationship between the host computer (personal computer) 40 and the HDD 1 at the time of backup and restore.
- the host computer 40 transfers the backup key used for the backup operation to the magnetic disk device 1 (S 701 ).
- the host computer 40 stores the backup key after backing up data received from the magnetic disk device 1 .
- the HDC 30 of the controller 31 in the magnetic disk device 1 switches the encryption/decryption circuit (AES 1 ) 301 f that receives the data from the host computer 40 to function as a decryptor (S 702 ).
- the HDC 30 switches the encryption/decryption circuit (AES 0 ) 301 g that generates encrypted data to be written to the magnetic disk 11 to function as an encryptor (S 703 ).
- the encryption/decryption circuits (AES 1 and AES 0 ) 301 f and 301 g are connected in series (S 704 ).
- the backup data is transferred from the host computer 40 (S 705 ).
- the host computer 40 can be notified of the data transfer timing by polling therefrom or a predetermined notification sent from the controller 31 to the host computer 40 .
- the encryption/decryption circuit (AES 1 ) 301 f as a decryptor decrypts the backup data using the backup key received from the host computer 40 to restore the backup data.
- the encryption/decryption circuit (AES 0 ) 301 g as an encryptor encrypts the data previously decrypted with the backup key using the data key generated and retained by the HDC 30 (S 707 ).
- the encrypted data is stored in the magnetic disk 11 (S 708 ). In this manner, the data transferred from the host computer 40 is decrypted with the backup key by the HDC 30 of the controller 31 .
- the decrypted data is encrypted with the data key and is stored in the magnetic disk 11 .
- a plurality of encryption/decryption circuits ( 301 f and 301 g ), which are generally connected in parallel, are connected in series.
- data generally exchanged as plaintext with the host computer is encrypted using a backup key and is output as backup data.
- the data can be securely backed up.
- the data encrypted with the backup key and backed up by the host computer is decrypted with the backup key by the HDC 30 , and thereby can be restored.
- the data key may be updated to ensure data security.
- an output module (in the case of FIG. 9 , the encryption/decryption circuit (AES 1 ) 301 f ) of the encryption/decryption circuits (AES 1 and AES 0 ) 301 f and 301 g, switched to be connected in series as at the time of data backup described above, is not connected to the host computer, but is connected, i.e., looped back, to the buffer RAM 29 through the buffer manager 301 a (loop connection).
- FIG. 9 illustrates the connection relationship.
- the encryption/decryption circuit (AES 0 ) 301 g as a decryptor performs decryption using an old data key
- the encryption/decryption circuit (AES 1 ) 301 f as an encryptor performs encryption using a new data key
- FIG. 9 is a schematic diagram of a data flow in the host I/F 301 of the HDC 30 at the time of updating a data key.
- FIG. 10 is a sequence diagram of the operation of the host computer 40 and the HDC 30 of the HDD (magnetic disk device) 1 at the time of updating a data key.
- the functions of the encryption/decryption circuits (AES 1 and AES 0 ) 301 f and 301 g are switched (S 1001 ), and then they are switched to be connected in series (S 1002 ).
- Encrypted data is read from the magnetic disk 11 (S 1003 ).
- the data read from the magnetic disk 11 into the buffer RAM 29 is encrypted by an old data key.
- the encryption/decryption circuit (AES 0 ) 301 g as a decryptor decrypts the data using the old data key (S 1004 ).
- the encryption/decryption circuit (AES 1 ) 301 f as an encryptor encrypts the data using a new data key (S 1005 ).
- the encrypted data is looped back to the buffer RAM 29 via the buffer manager 301 a, and thereby the data encrypted with the new data key is loaded into the buffer RAM 29 .
- the data encrypted with the new data key is written back from the buffer RAM 29 to the magnetic disk 11 (S 1006 ). This process is repeated for the entire user data area. Thus, the data key is updated.
- data encrypted with a key (an old data key) on the buffer RAM 29 is decrypted in the HDC 30 of the controller 31 . Further, the data is encrypted again with a different key (a new data key) and is written back to the buffer RAM 29 .
- a new data key is not leaked out of the one-chip controller 31 such as SoC (to the buffer RAM 29 , etc.). Accordingly, when a data key used to encrypt data is updated, a new data key and the data can be maintained secret.
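The backup (S 501 to S 509), restore (S 701 to S 708) and data-key update (S 1001 to S 1006) flows described above, modelled in Python as an added example that is not part of the patent. Assumptions: the two engines are a 4-round Feistel stand-in rather than AES, all class and method names are hypothetical, the new data key is generated inside the controller, and the parallel mode alternates blocks between the engines.

```python
# Model of the host-interface datapath: two switchable cipher engines, in
# parallel for ordinary I/O and in series for backup, restore and rekey.
import hashlib
import os

BLOCK = 16  # the engines work on 128-bit blocks


def _mix(key, i, half, other):
    # Feistel round: other XOR F(key, i, half). Stand-in only, NOT AES.
    pad = hashlib.sha256(key + bytes([i]) + half).digest()[:8]
    return bytes(x ^ y for x, y in zip(other, pad))


class Engine:
    """One encryption/decryption circuit, switchable between the two roles."""

    mode = key = None  # both set by switch()

    def switch(self, mode, key):
        self.mode, self.key = mode, key

    def process(self, block):
        left, right = block[:8], block[8:]
        if self.mode == "enc":
            for i in range(4):
                left, right = right, _mix(self.key, i, right, left)
        else:
            for i in reversed(range(4)):
                left, right = _mix(self.key, i, left, right), left
        return left + right


class HDC:
    def __init__(self):
        self._data_key = os.urandom(16)  # generated and retained on-chip
        self.aes0, self.aes1 = Engine(), Engine()
        self.disk = []        # ciphertext blocks on the magnetic disk
        self.buffer_ram = []  # log of every block staged in off-chip buffer RAM

    def _stage(self, blocks):
        self.buffer_ram.extend(blocks)
        return list(blocks)

    def _parallel(self, mode, blocks):
        # Ordinary I/O: both engines get the same role and the data key.
        # Alternating blocks between them is an assumption of this model.
        self.aes0.switch(mode, self._data_key)
        self.aes1.switch(mode, self._data_key)
        return [(self.aes0, self.aes1)[n % 2].process(b) for n, b in enumerate(blocks)]

    def _series(self, first, second, blocks):
        # The intermediate plaintext exists only between the two engines.
        return [second.process(first.process(b)) for b in blocks]

    def write(self, plaintext):
        self.disk = self._stage(self._parallel("enc", plaintext))

    def read(self):
        return self._parallel("dec", self._stage(self.disk))

    def backup(self, backup_key):
        self.aes0.switch("dec", self._data_key)  # storage side
        self.aes1.switch("enc", backup_key)      # host side
        return self._series(self.aes0, self.aes1, self._stage(self.disk))

    def restore(self, backup_key, backup_blocks):
        self.aes1.switch("dec", backup_key)      # host side
        self.aes0.switch("enc", self._data_key)  # storage side
        self.disk = self._stage(self._series(self.aes1, self.aes0, backup_blocks))

    def update_data_key(self):
        new_key = os.urandom(16)  # assumption: the new key is made on-chip
        self.aes0.switch("dec", self._data_key)
        self.aes1.switch("enc", new_key)
        looped = self._series(self.aes0, self.aes1, self._stage(self.disk))
        self.disk = self._stage(looped)  # loop back to buffer RAM, then disk
        self._data_key = new_key


def demo():
    plaintext = [bytes([n]) * BLOCK for n in range(1, 5)]  # constructed sample
    hdc = HDC()
    hdc.write(plaintext)
    backup_key = os.urandom(16)  # host generates a fresh key per backup
    backup = hdc.backup(backup_key)
    old_disk = list(hdc.disk)
    hdc.update_data_key()
    rekeyed = hdc.read() == plaintext and hdc.disk != old_disk
    hdc.disk = []  # constructed scenario: drive contents lost after the rekey
    hdc.restore(backup_key, backup)
    off_chip = [b for b in hdc.buffer_ram + backup if b in plaintext]
    return {"restored": hdc.read() == plaintext, "rekeyed": rekeyed,
            "plaintext_off_chip": len(off_chip)}


if __name__ == "__main__":
    print(demo())
```

The model treats each 128-bit block independently, so it shows only the routing and key roles, not a disk-encryption mode. The `buffer_ram` log is what makes the property checkable: every block staged off-chip or handed to the host as backup is ciphertext.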
Abstract
According to one embodiment, a controller that controls a data storage device provided with a storage module that stores data encrypted with a first key includes an input/output module, encryption/decryption modules, and a connector. The input/output module manages data input and output between the storage module and a host. The encryption/decryption modules are switched to function as an encryptor or a decryptor. The connector changes connection between the encryption/decryption modules and the host. When encrypted data is backed up, one of the encryption/decryption modules is switched to function as a decryptor, while the other is switched to function as an encryptor. The decryptor, the encryptor, and the host are connected in series. The encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output to the host.
Description
- This application is based upon and claims the benefit of priority from Japanese Patent Application No. 2010-043384, filed Feb. 26, 2010, the entire contents of which are incorporated herein by reference.
- Embodiments described herein relate generally to a controller for a data storage device, a data storage device, and a control method thereof.
- There are data storage devices that encrypt data before storing it to prevent information leakage when the device is stolen or disposed of. For example, Japanese Patent Application Publication (KOKAI) No. 2004-341768 discloses a magnetic disk device, i.e., hard disk drive (HDD), with encryption that encrypts plaintext data from a host and writes the encrypted data to the magnetic disk after the user is authenticated. The HDD decrypts the encrypted data on the magnetic disk to transfer the plaintext to the host after the user is authenticated. That is, when used by an authorized user, similar to a conventional HDD without using encryption, the HDD with encryption exchanges plaintext data with a host via an interface.
- In a conventional technology, upon updating a data key used to encrypt or decrypt data to be stored in the magnetic disk, data is loaded from the magnetic disk into the buffer random access memory (RAM). The data is decrypted by the encryption/decryption circuit using an old data key and is once again stored in the buffer RAM. The data stored in the buffer RAM is then encrypted by the encryption/decryption circuit using a new data key, and is written back to the magnetic disk via the buffer RAM.
- Even an HDD with encryption function sends plaintext data to a host if a backup HDD does not support encryption function. Accordingly, the plaintext data is stored in the backup HDD (for example, HDD of the host). Therefore, if the backup HDD is stolen or is disposed of, all information may leak therefrom, which is a security worry. To cope with this, if the host encrypts the data again using a backup key, the host is required to manage the backup key. Moreover, the host is necessitated to perform the processes except data backup always with data encryption, which increases load on the host.
- As in the conventional technology, suppose that, upon updating a data key, data stored in the magnetic disk is decrypted using an old data key, stored once in the buffer RAM, and then encrypted using a new data key and written back to the magnetic disk via the buffer RAM. If the buffer RAM is located outside the integrated circuit (IC) chip provided with the encryption/decryption circuit, the decrypted data is stored once outside the IC chip, which may result in the leakage of information indicating the old and new data keys and the plaintext data to a third party.
- A general architecture that implements the various features of the invention will now be described with reference to the drawings. The drawings and the associated descriptions are provided to illustrate embodiments of the invention and not to limit the scope of the invention.
- FIG. 1 is an exemplary perspective view of a magnetic disk device according to an embodiment;
- FIG. 2 is an exemplary functional block diagram of an electric hardware configuration of the magnetic disk device in the embodiment;
- FIG. 3 is an exemplary functional block diagram of a host interface (I/F) in a hard disk controller (HDC) in the embodiment;
- FIG. 4 is an exemplary schematic diagram of a data flow in the host I/F of the HDC at the time of backup in the embodiment;
- FIG. 5 is an exemplary sequence diagram of the operation of a host and the HDC of a hard disk drive (HDD) at the time of backup in the embodiment;
- FIG. 6 is an exemplary schematic diagram of a data flow in the host I/F of the HDC at the time of restore in the embodiment;
- FIG. 7 is an exemplary sequence diagram of the operation of the host and the HDC of the HDD at the time of restore in the embodiment;
- FIG. 8 is an exemplary schematic diagram of a relationship between the host (personal computer) and the HDD at the time of backup and restore in the embodiment;
- FIG. 9 is an exemplary schematic diagram of a data flow in the host I/F of the HDC at the time of updating a data key in the embodiment; and
- FIG. 10 is an exemplary sequence diagram of the operation of the host and the HDC of the HDD at the time of updating a data key in the embodiment.
- Various embodiments will be described hereinafter with reference to the accompanying drawings. In general, according to one embodiment, a controller configured to control a data storage device provided with a storage module that stores data encrypted with a first key comprises an input and output module, a plurality of encryption and decryption modules, and a connector. The input and output module is configured to manage data input and output between the storage module and a host. The encryption and decryption modules are configured to be switched to function as an encryptor or a decryptor. The connector is configured to change connection between the encryption and decryption modules and the host. When encrypted data is backed up, one of the encryption and decryption modules on the side of the storage module is switched to function as a decryptor, while one of the encryption and decryption modules on the side of the host is switched to function as an encryptor. The decryptor, the encryptor, and the host are connected in series. The encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output from the input and output module to the host.
- According to another embodiment, a data storage device comprises a storage module, an input and output module, a plurality of encryption and decryption modules, and a connector. The storage module is configured to store data encrypted with a first key. The input and output module is configured to manage data input and output between the storage module and a host. The encryption and decryption modules are configured to be switched to function as an encryptor or a decryptor. The connector is configured to change connection between the encryption and decryption modules and the host. When encrypted data is backed up, one of the encryption and decryption modules on the side of the storage module is switched to function as a decryptor, while one of the encryption and decryption modules on the side of the host is switched to function as an encryptor. The decryptor, the encryptor, and the host are connected in series. The encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output from the input and output module to the host.
- According to still another embodiment, there is provided a control method applied to a data storage device comprising a storage module configured to store data encrypted with a first key, an input and output module configured to manage data input and output between the storage module and a host, a plurality of encryption and decryption modules configured to be switched to function as an encryptor or a decryptor, and a connector configured to change connection between the encryption and decryption modules and the host. The control method comprises: when encrypted data is backed up, switching one of the encryption and decryption modules on the side of the storage module to function as a decryptor; switching one of the encryption and decryption modules on the side of the host to function as an encryptor; connecting the decryptor, the encryptor, and the host in series; decrypting the encrypted data by the decryptor with the first key to obtain decrypted data; encrypting the decrypted data by the encryptor with a second key; and outputting the encrypted data encrypted with the second key from the input and output module to the host.
- Like reference numerals refer to like parts throughout the several views of the drawings.
- With reference to FIG. 1, a description will be given of a configuration of a magnetic disk device 1 according to an embodiment. FIG. 1 is a perspective view of the magnetic disk device 1 according to the embodiment.
- As illustrated in FIG. 1, similar to commonly known hard disk drives (HDDs), the magnetic disk device 1 comprises a housing 10 that houses a magnetic disk 11, a spindle motor 12, a head slider 13, a suspension 14, and an actuator arm 15. The spindle motor rotates the magnetic disk 11. The head slider 13 is provided with a built-in magnetic head (not illustrated in FIG. 1). The magnetic disk device 1 further comprises a head suspension assembly and a voice coil motor (VCM) 16. The head suspension assembly supports the head slider 13. The VCM 16 is an actuator for the head suspension assembly.
- The magnetic disk 11 is rotated by the spindle motor 12. The head slider 13 is provided with the magnetic head including a write head and a read head (none of them illustrated in FIG. 1). The actuator arm 15 is pivotally attached to a pivot 17, and the suspension 14 is attached to an end of the actuator arm 15. The head slider 13 is resiliently supported via a gimbal provided to the suspension 14. The VCM 16 is provided to the other end of the actuator arm 15. The VCM 16 rotates the actuator arm 15 about the pivot 17 to position the magnetic head so that the magnetic head floats above a radial position of the magnetic disk 11.
- With reference to FIG. 2, a description will be given of an electric hardware configuration of the magnetic disk device 1 in the embodiment. FIG. 2 is a functional block diagram of an electric hardware configuration of the magnetic disk device 1.
- In FIG. 2, the magnetic disk 11 is rotated by the spindle motor 12 (see FIG. 1) about the rotation axis at a predetermined rotational speed. The rotation of the spindle motor 12 is driven by a motor driver 21.
- A magnetic head 22 includes a write head and a read head. Using the write head and the read head, the magnetic head 22 writes data to and reads data from the magnetic disk 11. As described above, the magnetic head 22 is located at an end of the actuator arm 15 and is moved in the radial direction of the magnetic disk 11 by the VCM 16 driven by the motor driver 21. When the magnetic disk 11 is not rotating, the magnetic head 22 is retracted on a ramp 23.
- A head amplifier 24 amplifies a signal read by the magnetic head 22 from the magnetic disk 11 and outputs it to a read write channel (RDC) 25. The head amplifier 24 also amplifies a signal received from the RDC 25 to write data to the magnetic disk 11 and feeds it to the magnetic head 22.
- The RDC 25 code-modulates data to be written to the magnetic disk 11 received from a central processing unit (CPU) 26, which will be described later, and feeds it to the head amplifier 24. The RDC 25 also code-modulates a signal read from the magnetic disk 11 and received from the head amplifier 24 and outputs it as digital data.
- The CPU 26 is connected to a static random access memory (SRAM) 27 as a working memory, a flash read only memory (ROM) 28 as a nonvolatile memory, and a buffer RAM 29 as a temporary storage. The CPU 26 controls the overall operation of the magnetic disk device 1 according to firmware stored in advance in the flash ROM 28.
- A hard disk controller (HDC) 30 controls data communication (including data encryption and decryption) with a host computer 40 via an interface (I/F) bus, controls the buffer RAM 29, and corrects an error in recorded data. The buffer RAM 29 is used to cache data communicated with the host computer 40 and to temporarily store data read from or to be written to the magnetic disk 11, and the like. The magnetic disk device 1 is built in or externally connected to the host computer 40. While the RDC 25, the CPU 26, the SRAM 27, and the HDC 30 constitute a controller 31 that controls the magnetic disk device 1 in the embodiment, it is not so limited. Besides, the controller 31 of the embodiment is configured as a system-on-a-chip (SoC). If the controller 31 is configured differently, among the constituent elements, at least the HDC 30 is formed of one chip. Accordingly, the salient feature of the HDC 30 described below is implemented by one-chip hardware.
- A description will be given of the characteristic function and configuration of the HDC 30.
- The encryption/decryption circuit of the HDC in a general HDD with encryption is implemented by a plurality of encryption/decryption circuits that realize parallel processing to ensure the data transfer capability of the interface to the host computer. For example, to achieve 3 gigabit per second (Gbps) throughput in a serial advanced technology attachment (SATA) interface using an AES-CBC encryptor supporting a 256-bit key length without parallel processing, a clock frequency of 3000*0.8/(128/17)≈319 MHz or more is required. However, by having two encryption/decryption circuits mounted in parallel, a required clock frequency is reduced to about 159 MHz, i.e., a half of that when no parallel processing is involved.
- In the magnetic disk device 1 of the embodiment, the HDC 30 connects a plurality of encryption/decryption circuits (as decryptors) in parallel upon ordinary data read/write operation. On the other hand, the HDC 30 connects the encryption/decryption circuits in series upon backing up data to cause the encryption/decryption circuit at the output stage to function as an encryptor. Thus, data can be securely backed up. The backup data can be restored by applying the encryption/decryption in a reverse manner to the case of data backup with a reverse data flow.
- In the following, a specific configuration of the HDC 30 will be described with reference to FIG. 3. FIG. 3 is a block diagram of a host I/F 301 in the HDC 30, which is a salient feature of the embodiment. FIG. 3 illustrates an example of a configuration based on SATA. In FIG. 3, bold lines indicate a data flow during ordinary data read operation. During ordinary data write operation, encryption/decryption circuits (advanced encryption standard (AES) 0, 1) 301f and 301g function as encryptors, and data flows in a direction reverse to that of data read operation.
- As illustrated in FIG. 3, at the time of ordinary data read operation, encrypted data is read from the magnetic disk 11 and temporarily stored in the buffer RAM 29. The data is then read by a buffer manager 301a from the buffer RAM 29 into the HDC 30. A command layer 301b subsequent to the buffer manager 301a is an element to perform bidirectional communication with the same language as the ATA standard. The data from the buffer RAM 29 enters two switch circuits SW0 301d and SW1 301e through the buffer manager 301a, the command layer 301b, and a first-in, first-out (FIFO) memory 301c. The switch circuits SW0 301d and SW1 301e are switched to be connected to the FIFO memory 301c, and the encryption/decryption circuits (AES1 and AES0) 301f and 301g are switched to function as decryptors.
- For example, 128-bit data from the FIFO memory 301c are sequentially decrypted by the encryption/decryption circuits (AES1 and AES0) 301f and 301g. The decrypted data are output through a switch circuit SW2 301h, a transport layer 301i, a link layer 301j, and a PHY layer 301k. The transport layer 301i, the link layer 301j, and the PHY layer 301k are compliant with the SATA specification. The transport layer 301i is an element to issue a command to control the entire protocol. The link layer 301j is an element to control the PHY layer 301k and perform data encoding. The PHY layer 301k is an element to control a SATA signal, and transfers data from the link layer 301j as serial data as well as transferring received data to the link layer 301j in a form that can be analyzed by the link layer 301j.
- A description will be given of the operation of the magnetic disk device 1 having the host I/F 301 in the HDC 30 configured as above and the host computer 40 to back up data in the magnetic disk device 1 and to restore the backup data in the magnetic disk device 1.
- With reference to FIGS. 4, 5, and 8, the backup operation will be described. FIG. 4 is a schematic diagram of a data flow in the host I/F 301 of the HDC 30 at the time of backup. FIG. 5 is a sequence diagram of the operation of the host computer 40 and the HDC 30 of the HDD (magnetic disk device) 1 at the time of backup. FIG. 8 is a schematic diagram of a relationship between the host computer (personal computer) 40 and the HDD 1 at the time of backup and restore.
- As illustrated in FIGS. 5 and 8, the host computer 40 generates a backup key to encrypt data (plaintext) to be backed up (S501). A new backup key may be generated from a random number for each backup. The host computer 40 transfers the generated backup key to the magnetic disk device 1 (S502).
- The HDC 30 of the controller 31 in the magnetic disk device 1 receives the data from the host computer 40 (S503). Then, as illustrated in FIG. 4, the encryption/decryption circuit (AES0) 301g that receives the data is switched to function as a decryptor, while the encryption/decryption circuit (AES1) 301f that generates data to be written to the magnetic disk 11 is switched to function as an encryptor (S504). The encryption/decryption circuits (AES1 and AES0) 301f and 301g are connected in series (S505).
- With this connection, the encryption/decryption circuit (AES0) 301g as a decryptor decrypts data read from the magnetic disk 11 using a data key generated and retained by the HDC 30. The encryption/decryption circuit (AES1) 301f as an encryptor encrypts the data read from the magnetic disk 11 and decrypted using the backup key received from the host computer 40 (S506). In this manner, the data read from the magnetic disk 11 of the magnetic disk device 1 is decrypted by the data key and encrypted by the backup key in the HDC 30, and transferred to the host computer 40 (S507).
- The host computer 40 receives encrypted data transferred from the HDC 30 of the controller 31 (S508), and stores it in the backup HDD (S509).
- With reference to FIGS. 6 to 8, the restore operation will be described. FIG. 6 is a schematic diagram of a data flow in the host I/F 301 of the HDC 30 at the time of restore. FIG. 7 is a sequence diagram of the operation of the host computer 40 and the HDC 30 of the HDD (magnetic disk device) 1 at the time of restore. FIG. 8 is a schematic diagram of a relationship between the host computer (personal computer) 40 and the HDD 1 at the time of backup and restore.
- To restore data backed up by the host computer 40 into the magnetic disk device 1, as illustrated in FIGS. 7 and 8, the host computer 40 transfers the backup key used for the backup operation to the magnetic disk device 1 (S701). The host computer 40 stores the backup key after backing up data received from the magnetic disk device 1.
- As illustrated in FIG. 6, the HDC 30 of the controller 31 in the magnetic disk device 1 switches the encryption/decryption circuit (AES1) 301f that receives the data from the host computer 40 to function as a decryptor (S702). On the other hand, the HDC 30 switches the encryption/decryption circuit (AES0) 301g that generates encrypted data to be written to the magnetic disk 11 to function as an encryptor (S703). The encryption/decryption circuits (AES1 and AES0) 301f and 301g are connected in series (S704).
- With this connection, the backup data is transferred from the host computer 40 (S705). The host computer 40 can be notified of the data transfer timing by polling therefrom or a predetermined notification sent from the controller 31 to the host computer 40.
- When the HDC 30 of the controller 31 receives the backup data from the host computer 40 (S706), the encryption/decryption circuit (AES1) 301f as a decryptor decrypts the backup data using the backup key received from the host computer 40 to restore the backup data. Meanwhile, the encryption/decryption circuit (AES0) 301g as an encryptor encrypts the data previously decrypted with the backup key using the data key generated and retained by the HDC 30 (S707). The encrypted data is stored in the magnetic disk 11 (S708). In this manner, the data transferred from the host computer 40 is decrypted with the backup key by the HDC 30 of the controller 31. The decrypted data is encrypted with the data key and is stored in the magnetic disk 11.
- As described above, according to the embodiment, at the time of backup and restore, a plurality of encryption/decryption circuits (301f and 301g), which are generally connected in parallel, are connected in series. With this, data generally exchanged as plaintext with the host computer is encrypted using a backup key and is output as backup data. Thus, the data can be securely backed up. Further, the data encrypted with the backup key and backed up by the host computer is decrypted with the backup key by the HDC 30, and thereby can be restored.
- In an HDD with encryption (the magnetic disk device 1, etc.), the data key may be updated to ensure data security. In such a case, an output module (in the case of FIG. 9, the encryption/decryption circuit (AES1) 301f) of the encryption/decryption circuits (AES1 and AES0) 301f and 301g switched to be connected in series as at the time of data backup described above is not connected to the host computer, but is connected, i.e., looped back, to the buffer RAM 29 through the buffer manager 301a (loop connection). FIG. 9 illustrates the connection relationship. With this connection, the encryption/decryption circuit (AES0) 301g as a decryptor performs decryption using an old data key, while the encryption/decryption circuit (AES1) 301f as an encryptor performs encryption using a new data key.
- With reference to FIGS. 9 and 10, a description will be given of the operation to update a data key. FIG. 9 is a schematic diagram of a data flow in the host I/F 301 of the HDC 30 at the time of updating a data key. FIG. 10 is a sequence diagram of the operation of the host computer 40 and the HDC 30 of the HDD (magnetic disk device) 1 at the time of updating a data key.
- Upon updating a data key, to achieve the above configuration as illustrated in FIG. 9, first, the functions of the encryption/decryption circuits (AES1 and AES0) 301f and 301g are switched (S1001), and then they are switched to be connected in series (S1002). Encrypted data is read from the magnetic disk 11 (S1003). The data read from the magnetic disk 11 into the buffer RAM 29 is encrypted by an old data key. The encryption/decryption circuit (AES0) 301g as a decryptor decrypts the data using the old data key (S1004). After that, the encryption/decryption circuit (AES1) 301f as an encryptor encrypts the data using a new data key (S1005).
- The encrypted data is looped back to the buffer RAM 29 via the buffer manager 301a, and thereby the data encrypted with the new data key is loaded into the buffer RAM 29. The data encrypted with the new data key is written back from the buffer RAM 29 to the magnetic disk 11 (S1006). This process is repeated for the entire user data area. Thus, the data key is updated.
- As described above, according to the embodiment, using a plurality of encryption/decryption circuits for encrypting data to be stored and decrypting data to be output, data encrypted with a key (an old data key) on the buffer RAM 29 is decrypted in the HDC 30 of the controller 31. Further, the data is encrypted again with a different key (a new data key) and is written back to the buffer RAM 29. With this control, unencrypted plaintext data and a data key are not leaked out of the one-chip controller 31 such as SoC (to the buffer RAM 29, etc.). Accordingly, when a data key used to encrypt data is updated, a new data key and the data can be maintained secret.
- While the embodiment is described above as being applied to the magnetic disk device, it is not so limited. The embodiment may be applied to other data storage devices such as a solid state drive (SSD). In addition, the operations illustrated in the sequence diagrams are examples for the purpose of description.
- While certain embodiments have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel methods and systems described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions.
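The backup, restore and key-update data paths described above, modelled in software as an added example (not code from the patent or from any product): two switchable AES-256-CBC engines chained in series so that only ciphertext crosses the chip boundary. The `engine` and `Controller` types, the LBA-derived IV and the sample sector are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// engine models one switchable circuit (AES0 or AES1) with its loaded key.
type engine struct {
	key     []byte
	encrypt bool // true: encryptor, false: decryptor
}

func (e engine) process(lba uint64, in []byte) []byte {
	blk, err := aes.NewCipher(e.key)
	if err != nil {
		panic(err)
	}
	// Assumption: the page does not specify IV handling. The IV here is simply
	// the LBA; production disk encryption avoids predictable IVs.
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], lba)
	out := make([]byte, len(in)) // len(in) must be a multiple of 16 bytes
	if e.encrypt {
		cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, in)
	}
	return out
}

// series is the serial connection: the first engine feeds the second on-chip.
func series(first, second engine, lba uint64, in []byte) []byte {
	return second.process(lba, first.process(lba, in))
}

func randKey() []byte {
	k := make([]byte, 32) // 256-bit key, as in the page's AES-CBC example
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// Controller models the one-chip HDC; Disk (media and buffer RAM) holds ciphertext only.
type Controller struct {
	dataKey []byte
	Disk    map[uint64][]byte
}

// Write and Read are the ordinary path, with plaintext on the host interface.
func (c *Controller) Write(lba uint64, plain []byte) {
	c.Disk[lba] = engine{c.dataKey, true}.process(lba, plain)
}
func (c *Controller) Read(lba uint64) []byte {
	return engine{c.dataKey, false}.process(lba, c.Disk[lba])
}

// Backup (S504-S507): decrypt with the data key, re-encrypt with the host's backup key.
func (c *Controller) Backup(lba uint64, backupKey []byte) []byte {
	return series(engine{c.dataKey, false}, engine{backupKey, true}, lba, c.Disk[lba])
}

// Restore (S702-S708): the same chain with roles and data flow reversed.
func (c *Controller) Restore(lba uint64, backupKey, blob []byte) {
	c.Disk[lba] = series(engine{backupKey, false}, engine{c.dataKey, true}, lba, blob)
}

// Rekey (S1001-S1006): loop connection, old data key in, new data key out.
func (c *Controller) Rekey() {
	next := engine{randKey(), true}
	for lba, ct := range c.Disk {
		c.Disk[lba] = series(engine{c.dataKey, false}, next, lba, ct)
	}
	c.dataKey = next.key
}

// Demo runs backup, key update and restore on one constructed sector.
func Demo() (backupOK, rekeyOK, restoreOK bool) {
	plain := bytes.Repeat([]byte("constructed 16B!"), 32) // one 512-byte sector
	hdd := &Controller{dataKey: randKey(), Disk: map[uint64][]byte{}}
	hdd.Write(7, plain)
	before := hdd.Disk[7]
	backupKey := randKey() // generated by the host (S501); the host never sees dataKey
	blob := hdd.Backup(7, backupKey)
	backupOK = bytes.Equal(engine{backupKey, false}.process(7, blob), plain) && !bytes.Equal(blob, before)
	hdd.Rekey()
	rekeyOK = bytes.Equal(hdd.Read(7), plain) && !bytes.Equal(hdd.Disk[7], before)
	delete(hdd.Disk, 7) // sector lost, then restored from the backup blob
	hdd.Restore(7, backupKey, blob)
	restoreOK = bytes.Equal(hdd.Read(7), plain)
	return
}

func main() {
	fmt.Println(Demo())
}
```

In this model the backup blob stays restorable after `Rekey`, because `Restore` re-encrypts under whatever data key the controller currently holds.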
Claims (15)
1. A controller configured to control a data storage device comprising a storage module configured to store data encrypted with a first key, the controller comprising:
an input and output module configured to manage data input and output between the storage module and a host;
a plurality of encryption and decryption modules configured to be switched to function as an encryptor or a decryptor; and
a connector configured to change connection between the encryption and decryption modules and the host,
wherein, when encrypted data is backed up, one of the encryption and decryption modules on a side of the storage module is configured to function as a decryptor, while one of the encryption and decryption modules on a side of the host is configured to function as an encryptor, the decryptor, the encryptor, and the host being connected in series, and
wherein the encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output from the input and output module to the host.
2. The controller of claim 1, wherein
when backup data encrypted with the second key is restored, the one of the encryption and decryption modules on the side of the host is configured to function as a decryptor, while the one of the encryption and decryption modules on the side of the storage module is configured to function as an encryptor, the decryptor, the encryptor, and the host being connected in series, and
wherein the backup data received by the input and output module from the host is decrypted by the decryptor with the second key and is then encrypted by the encryptor with the first key.
3. The controller of claim 1, further comprising a key generator configured to generate a third key to replace the first key, wherein
when the first key is updated, one of the encryption and decryption modules on a data output upstream side is switched to function as a decryptor, while one of the encryption and decryption modules on a data output downstream side is switched to function as an encryptor, the decryptor, the encryptor, and the storage module being connected in a loop, and
the encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with the third key generated by the key generator.
4. The controller of claim 1, wherein
the first key is generated in the data storage device, and
the second key is generated by the host.
5. The controller of claim 1, comprised of one chip.
6. A data storage device comprising:
a storage module configured to store data encrypted with a first key;
an input and output module configured to manage data input and output between the storage module and a host;
a plurality of encryption and decryption modules configured to be switched to function as an encryptor or a decryptor; and
a connector configured to change connection between the encryption and decryption modules and the host,
wherein, when encrypted data is backed up, one of the encryption and decryption modules on a side of the storage module is configured to function as a decryptor, while one of the encryption and decryption modules on a side of the host is configured to function as an encryptor,
the decryptor, the encryptor, and the host are connected in series, and
the encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output from the input and output module to the host.
7. The data storage device of claim 6, wherein
when backup data encrypted with the second key is restored, the one of the encryption and decryption modules on the side of the host is configured to function as a decryptor, while the one of the encryption and decryption modules on the side of the storage module is configured to function as an encryptor,
the decryptor, the encryptor, and the host are connected in series, and
the backup data received by the input and output module from the host is decrypted by the decryptor with the second key and is then encrypted by the encryptor with the first key.
8. The data storage device of claim 6, further comprising a key generator configured to generate a third key to replace the first key, wherein
when the first key is updated, one of the encryption and decryption modules on a data output upstream side is switched to function as a decryptor, while one of the encryption and decryption modules on a data output downstream side is switched to function as an encryptor,
the decryptor, the encryptor, and the storage module are connected in a loop, and
the encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with the third key generated by the key generator.
9. The data storage device of claim 6, wherein
the first key is generated in the data storage device, and
the second key is generated by the host.
10. The data storage device of claim 6, wherein each module is comprised of one chip.
11. A control method applied to a data storage device comprising a storage module configured to store data encrypted with a first key, an input and output module configured to manage data input and output between the storage module and a host, a plurality of encryption and decryption modules configured to be switched to function as an encryptor or a decryptor, and a connector configured to change connection between the encryption and decryption modules and the host, the control method comprising:
when first encrypted data is backed up,
switching one of the encryption and decryption modules on a side of the storage module to function as a decryptor;
switching one of the encryption and decryption modules on a side of the host to function as an encryptor;
connecting the decryptor, the encryptor, and the host in series;
decrypting the first encrypted data by the decryptor with the first key to obtain first decrypted data;
encrypting the first decrypted data by the encryptor with a second key to obtain second encrypted data; and
outputting the second encrypted data encrypted with the second key from the input and output module to the host.
12. The control method of claim 11, further comprising:
when backup data encrypted with the second key is restored,
switching the one of the encryption and decryption modules on the side of the host to function as a decryptor;
switching the one of the encryption and decryption modules on the side of the storage module to function as an encryptor;
connecting the decryptor, the encryptor, and the host in series;
decrypting the backup data received by the input and output module from the host by the decryptor with the second key to obtain second decrypted data; and
encrypting the second decrypted data by the encryptor with the first key.
13. The control method of claim 11, wherein the data storage device further comprises a key generator configured to generate a third key to replace the first key, the control method further comprising:
when the first key is updated,
switching one of the encryption and decryption modules on a data output upstream side to function as a decryptor;
switching one of the encryption and decryption modules on a data output downstream side to function as an encryptor;
connecting the decryptor, the encryptor, and the storage module in a loop;
decrypting the first encrypted data by the decryptor with the first key to obtain the first decrypted data; and
encrypting the first decrypted data by the encryptor with the third key generated by the key generator.
14. The control method of claim 11, wherein
the first key is generated in the data storage device, and
the second key is generated by the host.
15. The control method of claim 11, performed by a one-chip controller.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010-043384 | 2010-02-26 | ||
JP2010043384A JP4834774B2 (en) | 2010-02-26 | 2010-02-26 | Data storage device controller, data storage device and control method therefor |
Publications (1)
Publication Number | Publication Date |
---|---|
US20110213987A1 (en) | 2011-09-01 |
Family
ID=44505939
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/917,341 Abandoned US20110213987A1 (en) | 2010-02-26 | 2010-11-01 | Controller for data storage device, data storage device, and control method thereof |
Country Status (2)
Country | Link |
---|---|
US (1) | US20110213987A1 (en) |
JP (1) | JP4834774B2 (en) |
2010
- 2010-02-26 JP JP2010043384A, patent JP4834774B2, status: Expired - Fee Related
- 2010-11-01 US US12/917,341, publication US20110213987A1, status: Abandoned
Also Published As
Publication number | Publication date |
---|---|
JP4834774B2 (en) | 2011-12-14 |
JP2011180778A (en) | 2011-09-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: KABUSHIKI KAISHA TOSHIBA, JAPAN. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KUZUHARA, TAKASHI;REEL/FRAME:025232/0957. Effective date: 20100929 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |